OTL logfile created on: 2012-07-07 17:56:21 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 1,90 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 83,44% Memory free 3,65 Gb Paging File | 3,57 Gb Available in Paging File | 97,81% Paging File free Paging file location(s): D:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 50,01 Gb Total Space | 24,70 Gb Free Space | 49,40% Space Free | Partition Type: NTFS Drive D: | 99,04 Gb Total Space | 64,23 Gb Free Space | 64,85% Space Free | Partition Type: NTFS Drive F: | 3,86 Gb Total Space | 3,67 Gb Free Space | 95,04% Space Free | Partition Type: FAT32 Computer Name: OLSWL904916 | User Name: P011229 | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-07-07 17:46:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\OTL.exe PRC - [2009-02-26 16:37:28 | 000,630,784 | ---- | M] (Arkoon Network Security - http://www.securitybox.net) -- C:\Program Files\MSI\Security Box\Kernel\SBKrnl.exe PRC - [2008-04-14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-03-26 21:47:34 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2010-10-20 17:41:28 | 000,115,008 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NPShellExtension.dll MOD - [2007-12-25 00:21:18 | 001,052,160 | R--- | M] () -- C:\Program Files\Novell\ZENworks\nls\english\NalUIRes.dll MOD - [2007-06-21 11:09:04 | 000,245,843 | ---- | M] () -- C:\WINDOWS\system32\nwshlxnt.dll MOD - [2006-12-14 11:06:42 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\tphklock.dll MOD - [2004-07-30 17:05:24 | 000,121,660 | ---- | M] () -- C:\WINDOWS\system32\nls\ENGLISH\nwshlxnr.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012-05-31 07:18:16 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-03-16 18:23:24 | 000,240,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Internet Mobilny\UpdateDog\ouc.exe -- (Internet Mobilny. RunOuc) SRV - [2012-02-29 17:52:52 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2012-02-27 10:35:05 | 002,093,322 | ---- | M] (Internet Security Systems, Inc.) [Auto | Stopped] -- C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe -- (BlackICE) SRV - [2011-10-18 17:30:01 | 000,049,152 | ---- | M] (Novell, Inc.) [Auto | Stopped] -- C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe -- (TSCensus Collection Client) SRV - [2011-07-11 09:06:00 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Stopped] -- C:\Program Files\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service) SRV - [2011-07-11 09:05:08 | 003,417,480 | ---- | M] (IBM) [Auto | Stopped] -- C:\Program Files\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics) SRV - [2011-04-19 02:39:00 | 000,292,200 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc) SRV - [2011-04-19 02:39:00 | 000,143,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc) SRV - [2011-04-19 02:39:00 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Stopped] -- D:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe) SRV - [2011-01-05 04:09:12 | 000,116,704 | ---- | M] (symantec) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - [2011-01-05 04:09:06 | 001,973,216 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2011-01-05 04:08:50 | 000,031,200 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - [2010-12-02 19:25:22 | 001,757,184 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine) SRV - [2010-12-02 19:04:48 | 000,114,688 | ---- | M] (iPass, Inc.) [Auto | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService) SRV - [2010-12-02 19:04:36 | 000,176,128 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp) SRV - [2010-10-23 07:48:40 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2010-10-20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc) SRV - [2010-10-20 17:41:08 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool) SRV - [2010-09-24 18:19:10 | 001,996,408 | ---- | M] (Rockwell Automation, Inc.) [Auto | Stopped] -- C:\Program Files\Rockwell Software\RSLinx\RSLINX.EXE -- (RSLinx) SRV - [2010-09-22 16:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2010-04-07 16:19:42 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr) SRV - [2010-04-07 16:19:32 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr) SRV - [2010-03-03 14:16:16 | 000,202,016 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE -- (Harmony) SRV - [2010-01-28 18:44:56 | 001,274,122 | ---- | M] (Internet Security Systems, Inc.) [Auto | Stopped] -- C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe -- (RapApp) SRV - [2010-01-28 18:44:54 | 000,405,770 | ---- | M] (Internet Security Systems, Inc.) [Auto | Stopped] -- C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe -- (VPatch) SRV - [2009-12-11 12:40:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate) SRV - [2009-02-26 16:37:32 | 000,065,536 | ---- | M] (Arkoon Network Security - http://www.securitybox.net) [Auto | Stopped] -- C:\Program Files\MSI\Security Box\Kernel\SBKSRV.EXE -- (SBKSRV) SRV - [2008-12-17 16:21:08 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc) SRV - [2008-07-10 22:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008-07-10 22:23:22 | 000,901,120 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) SRV - [2008-07-10 22:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008-06-25 13:17:06 | 000,218,408 | ---- | M] (Rockwell Automation, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Rockwell\RsvcHost.exe -- (RsvcHost) SRV - [2008-06-25 13:15:22 | 000,148,776 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe -- (RNADiagReceiver) SRV - [2008-06-25 13:15:18 | 000,034,088 | ---- | M] (Rockwell Automation Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe -- (RNADiagnosticsService) SRV - [2008-06-04 14:04:32 | 000,099,728 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLinx\dnwhodisp.exe -- (dnWhoDisp) SRV - [2008-05-22 17:50:46 | 000,058,664 | ---- | M] (Rockwell Automation Inc.) [Auto | Stopped] -- C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe -- (FTActivationBoost) SRV - [2008-01-22 08:00:14 | 000,113,152 | R--- | M] (Novell, Inc.) [Auto | Stopped] -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE -- (NALNTSERVICE) SRV - [2007-12-25 00:21:44 | 000,152,128 | R--- | M] (Novell, Inc.) [Auto | Stopped] -- C:\Program Files\Novell\ZENworks\WM.EXE -- (ZFDWM) SRV - [2007-12-25 00:21:26 | 000,061,440 | R--- | M] (Novell, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\Novell\xtagent.exe -- (XTAgent) SRV - [2007-09-18 20:34:28 | 000,147,456 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe -- (Rockwell Tag Server) SRV - [2007-09-18 20:26:24 | 000,077,824 | ---- | M] (Rockwell Automation, Inc.) [Auto | Stopped] -- C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe -- (Rockwell HMI Diagnostics) SRV - [2007-09-18 00:57:28 | 000,212,992 | ---- | M] (Rockwell Automation, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Rockwell\RdcyHost.exe -- (RdcyHost) SRV - [2007-09-18 00:57:20 | 000,212,992 | ---- | M] (Rockwell Automation, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Rockwell\NmspHost.exe -- (NmspHost) SRV - [2007-09-17 23:43:08 | 000,991,232 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe -- (RNADirMultiplexor) SRV - [2007-09-17 23:42:44 | 000,897,024 | ---- | M] (Rockwell Automation, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Rockwell\RnaDirServer.exe -- (RNADirectory) SRV - [2007-09-17 23:36:32 | 000,282,624 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe -- (EventClientMultiplexer) SRV - [2007-09-17 23:36:08 | 000,217,088 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Rockwell\EventServer.exe -- (EventServer) SRV - [2007-07-26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc) SRV - [2007-07-09 10:47:58 | 000,094,208 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe -- (LogReceiver) SRV - [2007-06-26 15:11:48 | 000,217,088 | ---- | M] (Rockwell Automation) [Auto | Stopped] -- C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe -- (RSLinxNG) SRV - [2006-08-11 16:51:04 | 000,028,672 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc) SRV - [2006-06-29 23:57:50 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC) SRV - [2006-05-09 11:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) [Auto | Stopped] -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe -- (Remote Management Agent) SRV - [2005-11-25 10:11:02 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\OpcEnum.exe -- (OpcEnum) SRV - [2004-03-05 01:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\VirtualBackplane.sys -- (VirtualBackplane) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\pcidnt.sys -- (pcidnt) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012-05-16 06:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012-05-16 06:15:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012-04-25 11:44:52 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120705.018\navex15.sys -- (NAVEX15) DRV - [2012-04-25 11:44:48 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120705.018\naveng.sys -- (NAVENG) DRV - [2012-03-30 09:03:51 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP) iPass Protocol (IEEE 802.1x) DRV - [2012-03-16 18:23:28 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2012-03-16 18:23:28 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2012-03-16 18:23:28 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2012-03-16 18:23:28 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2012-02-27 09:54:40 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011-12-13 02:45:19 | 000,145,280 | R--- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IT9135BDA.sys -- (IT9135BDA) DRV - [2011-04-19 02:39:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD) DRV - [2011-04-19 02:39:00 | 000,012,144 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2010-10-23 07:24:38 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV - [2010-09-24 16:38:42 | 000,155,440 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\rsserial.sys -- (RSSERIAL) DRV - [2010-09-24 16:38:42 | 000,039,067 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\RSIKT.SYS -- (RsiKtControl) DRV - [2010-09-23 10:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2010-09-16 20:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2010-03-19 15:47:34 | 000,055,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL) DRV - [2010-03-19 15:47:32 | 000,339,328 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT) DRV - [2010-01-28 18:44:54 | 000,050,163 | ---- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapDrv.sys -- (rap) DRV - [2010-01-28 18:44:50 | 000,080,512 | ---- | M] (Internet Security Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\isskboep.sys -- (MakoNT) DRV - [2010-01-28 18:44:48 | 000,205,938 | ---- | M] (Internet Security Systems, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Blackcat.sys -- (black) DRV - [2009-10-09 14:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf) DRV - [2009-10-09 14:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN) DRV - [2009-10-02 10:14:32 | 000,553,728 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation) DRV - [2009-10-02 10:14:32 | 000,045,824 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS) DRV - [2009-10-02 10:14:32 | 000,021,888 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP) DRV - [2009-09-18 14:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2009-09-04 12:03:02 | 000,185,344 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC) DRV - [2009-08-04 05:32:00 | 000,004,608 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2009-06-30 12:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2009-06-30 12:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2009-06-30 12:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2009-06-24 17:24:34 | 000,034,592 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\nipplpt.sys -- (nipplpt2) DRV - [2008-12-17 16:20:40 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI) DRV - [2008-12-17 16:20:34 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV) DRV - [2008-12-16 17:14:48 | 000,042,496 | ---- | M] (Arkoon Network Security - http://www.securitybox.net) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SBSWAPXP.SYS -- (SBoxSuiteSwapDrv) DRV - [2008-07-24 18:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2008-06-26 08:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008-06-13 16:42:56 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R) DRV - [2008-05-22 14:01:50 | 000,754,176 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService) DRV - [2008-05-12 18:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi) DRV - [2008-04-18 17:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2008-04-14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2008-04-10 11:22:24 | 000,015,328 | ---- | M] (Axalto) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\egatebus.sys -- (Egatebus) DRV - [2008-04-10 11:22:24 | 000,013,440 | ---- | M] (Axalto) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\egaterdr.sys -- (Egaterdr) DRV - [2008-03-26 14:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm) DRV - [2008-03-26 14:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2008-02-04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2008-02-04 18:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2008-01-08 11:27:00 | 000,038,603 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM) DRV - [2007-07-26 20:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2007-05-11 17:38:00 | 000,071,168 | ---- | M] (Arkoon Network Security - http://www.securitybox.net) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SBoxDisk.sys -- (SBoxDisk) DRV - [2006-10-02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint) DRV - [2006-10-02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI) DRV - [2006-02-02 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006-02-02 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006-02-02 06:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006-02-02 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006-02-02 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006-02-02 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006-02-02 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005-11-22 11:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP) DRV - [2005-11-18 13:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005-11-18 13:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005-10-27 17:15:14 | 000,039,731 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32) DRV - [2005-10-12 14:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST) DRV - [2005-10-12 14:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS) Novell Simple Naming Services (NWSNS) DRV - [2005-05-23 15:47:18 | 000,006,899 | ---- | M] (Novell Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\blankscr.sys -- (BlankScr) DRV - [2004-09-14 18:53:56 | 000,070,304 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gpccard.sys -- (GPCCARD) DRV - [2004-06-01 19:19:34 | 000,027,249 | ---- | M] (Novell, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR) DRV - [2003-07-29 16:12:12 | 000,018,464 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gempcc.sys -- (GEMPCC) DRV - [2003-03-19 16:10:00 | 000,035,302 | ---- | M] (Attachmate Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\atmdlc.sys -- (ATMDLC) DRV - [2003-02-26 15:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP) DRV - [2002-11-13 14:38:40 | 000,016,447 | ---- | M] (Rockwell Automation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RSI-PKTX-A.sys -- (RSI-PKTX-A) DRV - [2002-04-23 19:02:26 | 000,038,999 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rsiktNG.sys -- (RSLINXNGKtControl) DRV - [2001-03-20 11:55:42 | 000,009,176 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\WNTHW.SYS -- (WNTHW) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.michelin.com;10.*; IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = intgk001.car.michelin.com:8000 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.michelin.com;10.*; IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = intgk001.car.michelin.com:8000 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.michelin.com;10.* IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = intgk001.car.michelin.com:8000 IE - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank IE - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-558522827-4212676017-31143968-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-558522827-4212676017-31143968-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.michelin.com;10.*; IE - HKU\S-1-5-21-558522827-4212676017-31143968-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = intgk001.car.michelin.com:8000 IE - HKU\S-1-5-21-558522827-4212676017-31143968-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://iecfg.eur.michelin.com/iefiles/ins/win32/en/auto.ins [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: langpack-de@firefox.mozilla.org:3.6.1069 FF - prefs.js..extensions.enabledItems: langpack-en-GB@firefox.mozilla.org:3.6.160 FF - prefs.js..extensions.enabledItems: langpack-es-ES@firefox.mozilla.org:3.6.447 FF - prefs.js..extensions.enabledItems: langpack-fr@firefox.mozilla.org:3.6.1250 FF - prefs.js..extensions.enabledItems: langpack-hu@firefox.mozilla.org:3.6.201 FF - prefs.js..extensions.enabledItems: langpack-it@firefox.mozilla.org:3.6.480 FF - prefs.js..extensions.enabledItems: langpack-ja@firefox.mozilla.org:3.6.221 FF - prefs.js..extensions.enabledItems: langpack-ko@firefox.mozilla.org:3.6.235 FF - prefs.js..extensions.enabledItems: langpack-pl@firefox.mozilla.org:3.6.1266 FF - prefs.js..extensions.enabledItems: langpack-pt-BR@firefox.mozilla.org:3.6.365 FF - prefs.js..extensions.enabledItems: langpack-th@firefox.mozilla.org:3.6.168 FF - prefs.js..extensions.enabledItems: langpack-zh-CN@firefox.mozilla.org:3.6.234 FF - prefs.js..extensions.enabledItems: langpack-zh-TW@firefox.mozilla.org:3.6.305 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..network.proxy.autoconfig_url: "http://proxyeur:1959/data/proxy.pac" FF - prefs.js..network.proxy.ftp: "intgk001.car.michelin.com" FF - prefs.js..network.proxy.ftp_port: 8000 FF - prefs.js..network.proxy.gopher: "intgk001.car.michelin.com" FF - prefs.js..network.proxy.gopher_port: 8000 FF - prefs.js..network.proxy.http: "intgk001.car.michelin.com" FF - prefs.js..network.proxy.http_port: 8000 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, *.michelin.com,10.*" FF - prefs.js..network.proxy.socks: "intgk001.car.michelin.com" FF - prefs.js..network.proxy.socks_port: 8000 FF - prefs.js..network.proxy.ssl: "intgk001.car.michelin.com" FF - prefs.js..network.proxy.ssl_port: 8000 FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: c:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@novell.com/iPrint: C:\WINDOWS\system32 [2012-07-05 15:57:43 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-06-04 16:43:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-06-01 07:18:21 | 000,000,000 | ---D | M] [2012-02-27 16:54:44 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\P011229\Application Data\mozilla\Extensions [2012-02-27 16:54:45 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\P011229\Application Data\mozilla\Firefox\Profiles\z8g31fa0.default\extensions [2012-05-31 07:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-04-19 07:19:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-05-31 07:17:44 | 000,000,000 | ---D | M] ("Deutsch (DE) Language Pack") -- C:\Program Files\Mozilla Firefox\extensions\langpack-de@firefox.mozilla.org [2012-05-31 07:17:44 | 000,000,000 | ---D | M] ("English (GB) Language Pack") -- C:\Program Files\Mozilla Firefox\extensions\langpack-en-GB@firefox.mozilla.org [2012-05-31 07:17:44 | 000,000,000 | ---D | M] ("Español (España) Language Pack") -- C:\Program Files\Mozilla Firefox\extensions\langpack-es-ES@firefox.mozilla.org [2012-05-31 07:17:44 | 000,000,000 | ---D | M] ("Français Language Pack") -- C:\Program Files\Mozilla Firefox\extensions\langpack-fr@firefox.mozilla.org [2012-05-31 07:17:44 | 000,000,000 | ---D | M] ("Magyar (HU) Language Pack") -- C:\Program Files\Mozilla Firefox\extensions\langpack-hu@firefox.mozilla.org [2012-05-31 07:17:44 | 000,000,000 | ---D | M] ("Italiano (IT) Language Pack") -- C:\Program Files\Mozilla Firefox\extensions\langpack-it@firefox.mozilla.org [2012-05-31 07:17:44 | 000,000,000 | ---D | M] ("Japanese Language Pack") -- C:\Program Files\Mozilla Firefox\extensions\langpack-ja@firefox.mozilla.org [2012-05-31 07:17:43 | 000,000,000 | ---D | M] ("Korean (KR) Language Pack") -- C:\Program Files\Mozilla Firefox\extensions\langpack-ko@firefox.mozilla.org [2012-05-31 07:17:43 | 000,000,000 | ---D | M] ("Polski Language Pack") -- C:\Program Files\Mozilla Firefox\extensions\langpack-pl@firefox.mozilla.org [2012-05-31 07:17:43 | 000,000,000 | ---D | M] ("PortuguĂŞs Brasileiro Language Pack") -- C:\Program Files\Mozilla Firefox\extensions\langpack-pt-BR@firefox.mozilla.org [2012-05-31 07:17:43 | 000,000,000 | ---D | M] ("Thai Language Pack") -- C:\Program Files\Mozilla Firefox\extensions\langpack-th@firefox.mozilla.org [2012-05-31 07:17:43 | 000,000,000 | ---D | M] ("Chinese Simplified (zh-CN) Language Pack") -- C:\Program Files\Mozilla Firefox\extensions\langpack-zh-CN@firefox.mozilla.org [2012-05-31 07:17:43 | 000,000,000 | ---D | M] ("Traditional Chinese (zh-TW) Language Pack") -- C:\Program Files\Mozilla Firefox\extensions\langpack-zh-TW@firefox.mozilla.org [2012-04-19 07:19:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012-04-19 07:19:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2012-07-04 22:59:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [CTSAlert] C:\Program Files\Michelin ISIS Europe\UsrEnvXP\CTSAlert.exe (Michelin) O4 - HKLM..\Run: [DialinCheck] C:\Program Files\Michelin ISIS Europe\DialinCheck\DialinCheck.exe (Michelin) O4 - HKLM..\Run: [DIS_BRG_RUN] C:\Program Files\Michelin ISIS Europe\DIS_BRG\DIS_BRG_RUN.vbs () O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [IE6Popup_Run] C:\Program Files\Internet Explorer\IE6Popup_Run.vbs () O4 - HKLM..\Run: [IE6Reuse_Run] C:\Program Files\Internet Explorer\IE6Reuse_Run.vbs () O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.) O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.) O4 - HKLM..\Run: [ISISXPSP1] C:\Program Files\Michelin ISIS Europe\ISISXPSP1\SP1Run.vbs () O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [MyDocPth] C:\Program Files\Michelin ISIS Europe\UsrEnvXP\MyDocPth.exe (Michelin Tyre Company) O4 - HKLM..\Run: [MyExtrXp] C:\Program Files\attachmate\e!e2k\myextrxp.vbs () O4 - HKLM..\Run: [NEOxp] C:\Program Files\Michelin ISIS Europe\NEOxp\NEOxp.vbs () O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.) O4 - HKLM..\Run: [PDF4 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [sav_vdb] C:\Program Files\Michelin ISIS Europe\sav_vdb\SAV_VDB.vbs () O4 - HKLM..\Run: [SecurityBoxKernel] C:\Program Files\MSI\Security Box\Kernel\SbKrnl.exe (Arkoon Network Security - http://www.securitybox.net) O4 - HKLM..\Run: [SMBHelper] D:\Documents and Settings\P011229\Local Settings\Application Data\Microsoft\Windows\581\SMBHelper.exe () O4 - HKLM..\Run: [TempClear] C:\Program Files\Michelin ISIS Europe\UsrEnvXP\TempClear.exe (Michelin) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo) O4 - HKLM..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe (Rockwell Automation, Inc.) O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKLM..\Run: [WMPLAYXP] C:\Program Files\Windows Media Player\WMPLAYXP.vbs () O4 - HKLM..\Run: [xltCertPropUI] C:\Program Files\Gemalto\Access Client\v5\xltCertPropUI.exe (Gemalto, Inc.) O4 - HKLM..\Run: [xltScMon.exe] C:\WINDOWS\system32\xltScMon.exe (Gemalto, Inc.) O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.) O4 - HKU\.DEFAULT..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NalView.exe (Novell, Inc) O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Proventia Desktop Agent.lnk = C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe (Internet Security Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 2 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 0 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 1 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %windir%\resources\Themes\Luna\Luna.msstyles (Microsoft) O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 1 O7 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 1 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll () O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.) O15 - HKLM\..Trusted Domains: michelin.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: michelin.com ([iecfg.eur] http in Trusted sites) O15 - HKU\S-1-5-21-558522827-4212676017-31143968-1005\..Trusted Domains: michelin.com ([iecfg.eur] http in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_16-windows-i586.cab (Java Plug-in 1.4.2_16) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = michelin.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C87E2DAC-A0A6-4025-AF54-C62FD627657D}: DhcpNameServer = 10.176.0.2 10.139.1.64 10.139.2.64 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7D70044-E0BC-41A1-AF31-3B53C5684D05}: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Program Files\Michelin ISIS Europe\UsrEnvXP\CTSProf.exe) - C:\Program Files\Michelin ISIS Europe\UsrEnvXP\CTSProf.exe (Michelin Tyre) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\NWGINA.dll (Novell, Inc.) O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O20 - Winlogon\Notify\NetIdentity Notification: DllName - (C:\WINDOWS\system32\Novell\XtNotify.dll) - C:\WINDOWS\system32\Novell\xtnotify.dll (Novell, Inc.) O20 - Winlogon\Notify\SBDWLX: DllName - (C:\Program Files\MSI\Security Box\Disk\SBDWLX.DLL) - C:\Program Files\MSI\Security Box\Disk\SBDWLX.DLL (Arkoon Network Security - http://www.securitybox.net) O20 - Winlogon\Notify\SBSCHED: DllName - (C:\Program Files\MSI\Security Box\Kernel\sbxwl.dll) - C:\Program Files\MSI\Security Box\Kernel\sbxwl.dll (Methode et Solution Informatique S.A. - http://www.securitybox.net) O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll () O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc) O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-10-18 16:32:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-07-07 17:54:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\OTL.exe [2012-07-06 23:53:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\P011229\Application Data\hellomoto [2012-07-04 07:11:57 | 000,043,520 | ---- | C] (Novell, Inc.) -- C:\WINDOWS\System32\PassiveModeAlternateCredentials.exe [2012-07-04 07:11:56 | 000,188,453 | ---- | C] (Novell, Inc.) -- C:\WINDOWS\System32\dplwin32.dll [2012-07-04 07:11:56 | 000,172,069 | ---- | C] (Novell, Inc.) -- C:\WINDOWS\System32\dppwin32.dll [2012-07-04 07:11:56 | 000,135,205 | ---- | C] (Novell, Inc.) -- C:\WINDOWS\System32\dpswin32.dll [2012-07-04 07:11:56 | 000,090,149 | ---- | C] (Novell, Inc.) -- C:\WINDOWS\System32\dpawin32.dll [2012-07-04 07:11:56 | 000,049,248 | ---- | C] (Novell, Inc.) -- C:\WINDOWS\System32\dprpcw32.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-07-07 17:46:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2012-07-07 17:42:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-07-07 09:31:15 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-07-07 09:00:57 | 000,007,434 | RHS- | M] () -- D:\Documents and Settings\P011229\ntuser.pol [2012-07-07 09:00:48 | 000,005,112 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol [2012-07-05 20:19:49 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2012-07-05 15:57:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-07-04 16:28:14 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\crypt32_dll.iss [2012-07-04 16:28:12 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\wininet_dll.iss [2012-07-04 16:28:12 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\urlmon_dll.iss [2012-07-04 16:28:12 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\url_dll.iss [2012-07-04 16:25:16 | 000,383,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-07-04 14:38:13 | 000,096,118 | ---- | M] () -- D:\Documents and Settings\P011229\Desktop\11671-00634-OLS_d.pdf [2012-07-04 07:11:26 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012-07-02 15:58:54 | 000,512,000 | ---- | M] () -- D:\Documents and Settings\P011229\Desktop\Dane_baza.accdb [2012-07-02 06:58:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-07-01 12:50:45 | 022,368,256 | ---- | M] () -- D:\Documents and Settings\P011229\Desktop\OPERATORZY_PIS.mdb [2012-06-22 20:48:12 | 000,082,522 | ---- | M] () -- C:\CTSPatch.ini [2012-06-19 15:55:53 | 000,000,011 | ---- | M] () -- C:\WINDOWS\NetWare.INI [2012-06-18 15:48:02 | 000,000,653 | ---- | M] () -- C:\WINDOWS\ODBC.INI [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-04 14:38:12 | 000,096,118 | ---- | C] () -- D:\Documents and Settings\P011229\Desktop\11671-00634-OLS_d.pdf [2012-06-28 15:52:13 | 000,512,000 | ---- | C] () -- D:\Documents and Settings\P011229\Desktop\Dane_baza.accdb [2012-06-28 15:44:59 | 022,368,256 | ---- | C] () -- D:\Documents and Settings\P011229\Desktop\OPERATORZY_PIS.mdb [2012-04-17 14:49:09 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_UNODBC.dll [2012-04-16 14:18:00 | 000,000,130 | ---- | C] () -- D:\Documents and Settings\P011229\Local Settings\Application Data\fusioncache.dat [2012-03-21 11:10:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-03-16 16:26:02 | 000,003,393 | ---- | C] () -- C:\WINDOWS\winhlp32.ini [2012-03-10 17:31:19 | 000,007,680 | ---- | C] () -- D:\Documents and Settings\P011229\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-03-05 22:33:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI [2012-03-05 20:13:44 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysInfo_6.dll [2012-03-05 20:13:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2012-03-03 20:33:23 | 000,707,504 | ---- | C] () -- D:\Documents and Settings\P011229\Local Settings\Application Data\unins000.exe [2012-03-03 20:33:23 | 000,011,761 | ---- | C] () -- D:\Documents and Settings\P011229\Local Settings\Application Data\unins000.msg [2012-03-03 20:33:23 | 000,002,164 | ---- | C] () -- D:\Documents and Settings\P011229\Local Settings\Application Data\unins000.dat [2012-03-02 11:53:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-02-29 10:19:11 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe [2012-02-28 12:46:59 | 000,000,247 | ---- | C] () -- C:\WINDOWS\RLEIcons.ini [2012-02-28 12:01:27 | 000,000,032 | ---- | C] () -- C:\WINDOWS\EvMoveW.INI [2012-02-28 11:48:26 | 000,001,364 | ---- | C] () -- C:\WINDOWS\EDS.ini [2012-02-28 11:43:21 | 000,000,128 | ---- | C] () -- C:\WINDOWS\rocksoft.ini [2012-02-27 23:02:44 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI [2012-02-27 15:24:19 | 000,000,158 | ---- | C] () -- C:\WINDOWS\ricdb.ini [2012-02-27 14:02:01 | 000,000,218 | ---- | C] () -- C:\WINDOWS\ORAODBC.INI [2012-02-27 12:49:02 | 000,007,434 | RHS- | C] () -- D:\Documents and Settings\P011229\ntuser.pol [2012-02-27 09:50:13 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\npnipp.dll [2012-02-27 09:50:13 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\nipplpte.exe [2012-02-27 09:50:13 | 000,034,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys [2012-02-27 09:50:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\icapture.exe [2012-02-24 15:29:29 | 000,133,825 | ---- | C] () -- C:\WINDOWS\System32\compreg.dat [2012-02-24 15:29:29 | 000,099,284 | ---- | C] () -- C:\WINDOWS\System32\xpti.dat [2012-02-24 15:29:28 | 000,000,227 | ---- | C] () -- C:\WINDOWS\System32\compatibility.ini [2012-02-24 15:24:33 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2012-02-24 15:24:03 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2012-02-24 15:23:56 | 000,005,112 | RHS- | C] () -- D:\Documents and Settings\All Users\ntuser.pol [2012-02-24 15:23:56 | 000,000,496 | ---- | C] () -- C:\WINDOWS\gpt.ini.BAK [2012-02-24 14:51:05 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2012-02-24 14:49:39 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe [2011-10-18 19:44:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2011-10-18 17:29:38 | 000,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS [2011-10-18 17:27:58 | 002,934,600 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011-10-18 17:26:16 | 000,004,613 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-10-18 17:25:25 | 000,383,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-10-18 17:18:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2011-10-18 17:18:45 | 000,442,360 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2011-10-18 17:18:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2011-10-18 17:18:45 | 000,072,008 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2011-10-18 17:18:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2011-10-18 17:18:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2011-10-18 17:18:44 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2011-10-18 17:18:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2011-10-18 17:18:40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2011-10-18 17:18:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2011-10-18 17:18:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2011-10-18 17:18:31 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2011-10-18 17:10:20 | 000,000,653 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011-10-18 17:03:51 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2011-10-18 17:03:50 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2011-10-18 17:03:50 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll [2011-10-18 17:03:49 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config [2011-10-18 16:53:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-10-18 16:40:31 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2011-10-18 16:30:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011-10-18 16:29:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2010-09-24 18:21:46 | 000,036,472 | ---- | C] () -- C:\WINDOWS\System32\LINXVDD.DLL [2010-09-24 16:38:44 | 000,007,449 | ---- | C] () -- C:\WINDOWS\System32\drivers\SDDHP.BIN [2010-09-24 16:38:44 | 000,006,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\slcnewkt.bin [2010-09-24 16:38:44 | 000,005,433 | ---- | C] () -- C:\WINDOWS\System32\drivers\SDDH.BIN [2010-09-24 16:38:42 | 000,001,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKST3.BIN [2010-09-24 16:38:42 | 000,001,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKST1.BIN [2010-09-24 16:38:42 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKST2.BIN [2010-09-24 16:38:40 | 000,015,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMK485.BIN [2010-09-24 16:38:40 | 000,015,557 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTX485.BIN [2010-09-24 16:38:40 | 000,009,282 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKPCL.BIN [2010-09-24 16:38:40 | 000,009,139 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTXPCL.BIN [2010-09-24 16:38:40 | 000,001,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTXST1.BIN [2010-09-24 16:38:40 | 000,000,301 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCMKST0.BIN [2010-09-24 16:38:40 | 000,000,301 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTXST0.BIN [2010-09-24 16:38:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\KTC.BIN [2010-09-24 16:38:38 | 000,007,575 | ---- | C] () -- C:\WINDOWS\System32\drivers\KLPCL.BIN [2010-09-24 16:38:38 | 000,001,825 | ---- | C] () -- C:\WINDOWS\System32\drivers\KT2ST2.BIN [2010-09-24 16:38:38 | 000,001,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\KLST2.BIN [2010-09-24 16:38:38 | 000,001,801 | ---- | C] () -- C:\WINDOWS\System32\drivers\KT2ST1.BIN [2010-09-24 16:38:38 | 000,001,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\KLST1.BIN [2010-09-24 16:38:38 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\KLST0.BIN [2010-09-24 16:38:38 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\drivers\KT2ST0.BIN [2010-09-22 16:18:56 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [color=#E56717]========== LOP Check ==========[/color] [2012-02-24 15:29:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\OpenTrust [2012-03-05 14:59:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Autodesk [2012-03-05 20:13:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\BlazeVideo [2012-03-16 18:24:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DatacardService [2012-02-28 12:20:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\FNP [2012-03-16 18:24:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Internet Mobilny [2012-07-04 22:40:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\iPass [2012-03-30 09:09:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Juniper Networks [2011-10-18 18:36:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Lotus [2012-05-16 12:35:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Nitro PDF [2012-03-05 20:22:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Plugins [2012-02-27 15:24:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\RICOH [2012-04-17 15:11:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Rockwell [2012-02-28 12:31:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Rockwell Automation [2012-02-29 10:11:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\ScanSoft [2012-02-28 15:41:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Softland [2012-07-01 16:49:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP [2012-02-28 14:30:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\WFCU [2012-02-29 10:11:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\zeon [2012-03-05 14:59:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\P011229\Application Data\Autodesk [2012-02-29 10:20:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\P011229\Application Data\CAD-KAS [2012-05-16 12:28:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\P011229\Application Data\Downloaded Installations [2012-07-06 23:53:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\P011229\Application Data\hellomoto [2012-04-15 16:15:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\P011229\Application Data\Juniper Networks [2012-04-30 14:09:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\P011229\Application Data\Microscan [2012-07-05 15:57:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\P011229\Application Data\Nitro PDF [2012-02-27 13:34:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\P011229\Application Data\PwrMgr [2012-02-29 12:15:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\P011229\Application Data\ScanSoft [2012-02-28 15:41:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\P011229\Application Data\Softland [2012-02-29 10:12:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\P011229\Application Data\Zeon [2012-04-03 12:32:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\P013420\Application Data\Juniper Networks [2012-02-28 13:37:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\P013420\Application Data\PwrMgr [2012-02-27 13:43:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\PB00032\Application Data\Autodesk [2012-02-27 13:47:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\PB00032\Application Data\PwrMgr [2012-02-27 09:43:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\PP00001\Application Data\PwrMgr [2012-07-05 20:19:49 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 142 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:0CFF5F08 @Alternate Data Stream - 128 bytes -> C:\WINDOWS:nlsPreferences < End of report >